Analysis

  • max time kernel
    149s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    02/10/2024, 20:25 UTC

General

  • Target

    https://www.jotform.com/assign/242677647337166/RWJibmlGY1JpQWwyVUt0dEZqbVNUQXczN2EzclRCb2gvU2RTM3FGUDJmSEFzaG9YdGR1RW1oMlRZWlZvelVNbzJXT3dMYTZVYitwNHpieHdESDRuTXZhekptVHY3MmVFbEhPdHZRQlYzNjJMZlhXYkhnSGkwVGkyT0dYY1ZiUHE=

Score
3/10

Malware Config

Signatures

  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 10 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs
  • Suspicious use of FindShellTrayWindow 25 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.jotform.com/assign/242677647337166/RWJibmlGY1JpQWwyVUt0dEZqbVNUQXczN2EzclRCb2gvU2RTM3FGUDJmSEFzaG9YdGR1RW1oMlRZWlZvelVNbzJXT3dMYTZVYitwNHpieHdESDRuTXZhekptVHY3MmVFbEhPdHZRQlYzNjJMZlhXYkhnSGkwVGkyT0dYY1ZiUHE=
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:1500
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xb4,0x108,0x7fff5b8946f8,0x7fff5b894708,0x7fff5b894718
      PID:4328
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2156,47902909932212445,9705523776861707260,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2168 /prefetch:2
      PID:4796
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2156,47902909932212445,9705523776861707260,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2232 /prefetch:3
      • Suspicious behavior: EnumeratesProcesses
      PID:2168
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2156,47902909932212445,9705523776861707260,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2756 /prefetch:8
      PID:2952
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,47902909932212445,9705523776861707260,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1
      PID:2280
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,47902909932212445,9705523776861707260,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3356 /prefetch:1
      PID:2376
    • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2156,47902909932212445,9705523776861707260,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5192 /prefetch:8
      PID:4916
    • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2156,47902909932212445,9705523776861707260,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5192 /prefetch:8
      • Suspicious behavior: EnumeratesProcesses
      PID:1884
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,47902909932212445,9705523776861707260,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2132 /prefetch:1
      PID:3420
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,47902909932212445,9705523776861707260,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5468 /prefetch:1
      PID:4220
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,47902909932212445,9705523776861707260,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5272 /prefetch:1
      PID:2792
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,47902909932212445,9705523776861707260,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:1
      PID:1856
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2156,47902909932212445,9705523776861707260,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3828 /prefetch:2
      • Suspicious behavior: EnumeratesProcesses
      PID:4380
  • C:\Windows\System32\CompPkgSrv.exe
    C:\Windows\System32\CompPkgSrv.exe -Embedding
    PID:2308
  • C:\Windows\System32\CompPkgSrv.exe
    C:\Windows\System32\CompPkgSrv.exe -Embedding
    PID:3376

Network

                          • flag-us
                            DNS
                            8.8.8.8.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            8.8.8.8.in-addr.arpa
                            IN PTR
                            Response
                            8.8.8.8.in-addr.arpa
                            IN PTR
                            dns.google
                          • flag-us
                            DNS
                            209.205.72.20.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            209.205.72.20.in-addr.arpa
                            IN PTR
                            Response
                          • flag-us
                            DNS
                            www.jotform.com
                            msedge.exe
                            Remote address:
                            8.8.8.8:53
                            Request
                            www.jotform.com
                            IN A
                            Response
                            www.jotform.com
                            IN A
                            104.19.129.105
                            www.jotform.com
                            IN A
                            104.19.128.105
                          • flag-us
                            GET
                            https://www.jotform.com/assign/242677647337166/RWJibmlGY1JpQWwyVUt0dEZqbVNUQXczN2EzclRCb2gvU2RTM3FGUDJmSEFzaG9YdGR1RW1oMlRZWlZvelVNbzJXT3dMYTZVYitwNHpieHdESDRuTXZhekptVHY3MmVFbEhPdHZRQlYzNjJMZlhXYkhnSGkwVGkyT0dYY1ZiUHE=
                            msedge.exe
                            Remote address:
                            104.19.129.105:443
                            Request
                            GET /assign/242677647337166/RWJibmlGY1JpQWwyVUt0dEZqbVNUQXczN2EzclRCb2gvU2RTM3FGUDJmSEFzaG9YdGR1RW1oMlRZWlZvelVNbzJXT3dMYTZVYitwNHpieHdESDRuTXZhekptVHY3MmVFbEhPdHZRQlYzNjJMZlhXYkhnSGkwVGkyT0dYY1ZiUHE= HTTP/2.0
                            host: www.jotform.com
                            sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
                            sec-ch-ua-mobile: ?0
                            dnt: 1
                            upgrade-insecure-requests: 1
                            user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                            accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
                            sec-fetch-site: none
                            sec-fetch-mode: navigate
                            sec-fetch-user: ?1
                            sec-fetch-dest: document
                            accept-encoding: gzip, deflate, br
                            accept-language: en-US,en;q=0.9
                            Response
                            HTTP/2.0 203
                            date: Wed, 02 Oct 2024 20:25:33 GMT
                            content-type: text/html; charset=UTF-8
                            p3p: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
                            expires: Tue, 03 Jul 1970 06:00:00 GMT
                            last-modified: Wed, 02 Oct 2024 20:25:33 GMT
                            cache-control: no-store, no-cache, must-revalidate, max-age=0
                            cache-control: post-check=0, pre-check=0
                            pragma: no-cache
                            jf-trace-id: cc969dbc343e5702
                            strict-transport-security: max-age=31536000;
                            set-cookie: guest=guest_edbaadb652bf3bda; expires=Sat, 02 Nov 2024 20:25:33 GMT; Max-Age=2678400; path=/; domain=.jotform.com; secure; HttpOnly; SameSite=None
                            set-cookie: guest=guest_edbaadb652bf3bda; expires=Sat, 02 Nov 2024 20:25:33 GMT; Max-Age=2678400; path=/; domain=.jotform.com; secure; HttpOnly; SameSite=None
                            set-cookie: guest=guest_edbaadb652bf3bda; expires=Sat, 02 Nov 2024 20:25:33 GMT; Max-Age=2678400; path=/; domain=.jotform.com; secure; HttpOnly; SameSite=None
                            global-router: true
                            x-raw-uri: /assign/:formID/#token
                            via: 1.1 google
                            cf-cache-status: DYNAMIC
                            server: cloudflare
                            cf-ray: 8cc76c2138196536-LHR
                          • flag-us
                            GET
                            https://api.jotform.com/formuser/242677647337166/combinedinfo?master=1
                            msedge.exe
                            Remote address:
                            104.19.129.105:443
                            Request
                            GET /formuser/242677647337166/combinedinfo?master=1 HTTP/2.0
                            host: api.jotform.com
                            sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
                            accept: application/json, text/plain, */*
                            dnt: 1
                            sec-ch-ua-mobile: ?0
                            user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                            origin: https://www.jotform.com
                            sec-fetch-site: same-site
                            sec-fetch-mode: cors
                            sec-fetch-dest: empty
                            referer: https://www.jotform.com/
                            accept-encoding: gzip, deflate, br
                            accept-language: en-US,en;q=0.9
                            cookie: guest=guest_edbaadb652bf3bda
                            Response
                            HTTP/2.0 200
                            date: Wed, 02 Oct 2024 20:25:34 GMT
                            content-type: image/x-icon
                            last-modified: Thu, 27 Apr 2023 16:06:34 GMT
                            etag: W/"644a9d8a-3c2e"
                            expires: Thu, 02 Oct 2025 20:25:34 GMT
                            cache-control: public, max-age=31536000
                            via: 1.1 google
                            cf-cache-status: HIT
                            age: 17118551
                            vary: Accept-Encoding
                            server: cloudflare
                            cf-ray: 8cc76c26eff06536-LHR
                            content-encoding: br
                          • flag-us
                            GET
                            https://www.jotform.com/favicon.ico
                            msedge.exe
                            Remote address:
                            104.19.129.105:443
                            Request
                            GET /favicon.ico HTTP/2.0
                            host: www.jotform.com
                            sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
                            dnt: 1
                            sec-ch-ua-mobile: ?0
                            user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                            accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                            sec-fetch-site: same-origin
                            sec-fetch-mode: no-cors
                            sec-fetch-dest: image
                            referer: https://www.jotform.com/assign/242677647337166/RWJibmlGY1JpQWwyVUt0dEZqbVNUQXczN2EzclRCb2gvU2RTM3FGUDJmSEFzaG9YdGR1RW1oMlRZWlZvelVNbzJXT3dMYTZVYitwNHpieHdESDRuTXZhekptVHY3MmVFbEhPdHZRQlYzNjJMZlhXYkhnSGkwVGkyT0dYY1ZiUHE=
                            accept-encoding: gzip, deflate, br
                            accept-language: en-US,en;q=0.9
                            cookie: guest=guest_edbaadb652bf3bda
                            Response
                            HTTP/2.0 200
                            date: Wed, 02 Oct 2024 20:25:34 GMT
                            content-type: application/json
                            vary: Accept-Encoding
                            p3p: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
                            expires: Thu, 01 Jan 1970 00:00:01 GMT
                            last-modified: Wed, 02 Oct 2024 20:25:34 GMT
                            cache-control: no-cache
                            pragma: no-cache
                            jf-trace-id: 0328e089cca1f109
                            set-cookie: userReferer=https%3A%2F%2Fwww.jotform.com%2F; expires=Sat, 02 Nov 2024 20:25:34 GMT; Max-Age=2678400; path=/; domain=.jotform.com; secure; HttpOnly; SameSite=None
                            set-cookie: guest=guest_edbaadb652bf3bda; expires=Sat, 02 Nov 2024 20:25:34 GMT; Max-Age=2678400; path=/; domain=.jotform.com; secure; HttpOnly; SameSite=None
                            set-cookie: userReferer=https%3A%2F%2Fwww.jotform.com%2F; expires=Sat, 02 Nov 2024 20:25:34 GMT; Max-Age=2678400; path=/; domain=.jotform.com; secure; HttpOnly; SameSite=None
                            set-cookie: guest=guest_edbaadb652bf3bda; expires=Sat, 02 Nov 2024 20:25:34 GMT; Max-Age=2678400; path=/; domain=.jotform.com; secure; HttpOnly; SameSite=None
                            x-raw-uri: formuser/:formID/combinedinfo
                            access-control-allow-credentials: true
                            access-control-allow-origin: https://www.jotform.com
                            access-control-allow-methods: PUT, POST, GET, OPTIONS, DELETE
                            content-encoding: gzip
                            via: 1.1 google
                            cf-cache-status: DYNAMIC
                            server: cloudflare
                            cf-ray: 8cc76c26dfdb6536-LHR
                          • flag-us
                            GET
                            https://js.jotform.com/actions.js
                            msedge.exe
                            Remote address:
                            104.19.129.105:443
                            Request
                            GET /actions.js HTTP/2.0
                            host: js.jotform.com
                            sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
                            dnt: 1
                            sec-ch-ua-mobile: ?0
                            user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                            accept: */*
                            sec-fetch-site: same-site
                            sec-fetch-mode: no-cors
                            sec-fetch-dest: script
                            referer: https://www.jotform.com/
                            accept-encoding: gzip, deflate, br
                            accept-language: en-US,en;q=0.9
                            cookie: guest=guest_edbaadb652bf3bda
                            cookie: userReferer=https%3A%2F%2Fwww.jotform.com%2F
                            Response
                            HTTP/2.0 200
                            date: Wed, 02 Oct 2024 20:25:34 GMT
                            content-type: application/x-javascript
                            last-modified: Fri, 17 May 2024 07:15:00 GMT
                            vary: Accept-Encoding
                            etag: W/"664703f4-2ec4"
                            expires: Thu, 31 Dec 2037 23:55:55 GMT
                            cache-control: max-age=315360000
                            cache-control: public
                            x-static: 1
                            access-control-allow-origin: *
                            content-encoding: gzip
                            via: 1.1 google
                            cf-cache-status: DYNAMIC
                            server: cloudflare
                            cf-ray: 8cc76c288a3c6536-LHR
                          • flag-us
                            GET
                            https://www.jotform.com/API/user/credential-rule-set
                            msedge.exe
                            Remote address:
                            104.19.129.105:443
                            Request
                            GET /API/user/credential-rule-set HTTP/2.0
                            host: www.jotform.com
                            sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
                            accept: application/json, text/plain, */*
                            dnt: 1
                            sec-ch-ua-mobile: ?0
                            user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                            sec-fetch-site: same-origin
                            sec-fetch-mode: cors
                            sec-fetch-dest: empty
                            referer: https://www.jotform.com/assign/242677647337166/RWJibmlGY1JpQWwyVUt0dEZqbVNUQXczN2EzclRCb2gvU2RTM3FGUDJmSEFzaG9YdGR1RW1oMlRZWlZvelVNbzJXT3dMYTZVYitwNHpieHdESDRuTXZhekptVHY3MmVFbEhPdHZRQlYzNjJMZlhXYkhnSGkwVGkyT0dYY1ZiUHE=
                            accept-encoding: gzip, deflate, br
                            accept-language: en-US,en;q=0.9
                            cookie: guest=guest_edbaadb652bf3bda
                            cookie: userReferer=https%3A%2F%2Fwww.jotform.com%2F
                            Response
                            HTTP/2.0 200
                            date: Wed, 02 Oct 2024 20:26:01 GMT
                            content-type: application/json
                            vary: Accept-Encoding
                            p3p: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
                            expires: Thu, 01 Jan 1970 00:00:01 GMT
                            last-modified: Wed, 02 Oct 2024 20:26:00 GMT
                            cache-control: no-cache
                            pragma: no-cache
                            jf-trace-id: 1070888c608b5045
                            strict-transport-security: max-age=31536000;
                            set-cookie: guest=guest_edbaadb652bf3bda; expires=Sat, 02 Nov 2024 20:26:00 GMT; Max-Age=2678400; path=/; domain=.jotform.com; secure; HttpOnly; SameSite=None
                            x-raw-uri: user/credential-rule-set
                            content-encoding: gzip
                            via: 1.1 google
                            cf-cache-status: DYNAMIC
                            server: cloudflare
                            cf-ray: 8cc76ccbbce76536-LHR
                          • flag-us
                            DNS
                            cdn01.jotfor.ms
                            msedge.exe
                            Remote address:
                            8.8.8.8:53
                            Request
                            cdn01.jotfor.ms
                            IN A
                            Response
                            cdn01.jotfor.ms
                            IN A
                            172.67.7.107
                            cdn01.jotfor.ms
                            IN A
                            104.22.72.81
                            cdn01.jotfor.ms
                            IN A
                            104.22.73.81
                          • flag-us
                            DNS
                            cdn.jotfor.ms
                            msedge.exe
                            Remote address:
                            8.8.8.8:53
                            Request
                            cdn.jotfor.ms
                            IN A
                            Response
                            cdn.jotfor.ms
                            IN A
                            104.22.73.81
                            cdn.jotfor.ms
                            IN A
                            104.22.72.81
                            cdn.jotfor.ms
                            IN A
                            172.67.7.107
                          • flag-us
                            GET
                            https://cdn01.jotfor.ms/s/umd/143341b959a/for-login-flow.js
                            msedge.exe
                            Remote address:
                            172.67.7.107:443
                            Request
                            GET /s/umd/143341b959a/for-login-flow.js HTTP/2.0
                            host: cdn01.jotfor.ms
                            sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
                            dnt: 1
                            sec-ch-ua-mobile: ?0
                            user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                            accept: */*
                            sec-fetch-site: cross-site
                            sec-fetch-mode: no-cors
                            sec-fetch-dest: script
                            referer: https://www.jotform.com/
                            accept-encoding: gzip, deflate, br
                            accept-language: en-US,en;q=0.9
                            Response
                            HTTP/2.0 200
                            date: Wed, 02 Oct 2024 20:25:34 GMT
                            content-type: text/javascript; charset=utf-8
                            expires: Wed, 02 Oct 2024 20:31:55 GMT
                            cache-control: public, max-age=86400
                            last-modified: Wed, 02 Oct 2024 19:31:33 GMT
                            etag: W/"7a461e5039160e6348ad4ece7e29e2dd"
                            x-store: gcs
                            cf-cache-status: HIT
                            age: 37
                            vary: Accept-Encoding
                            server: cloudflare
                            cf-ray: 8cc76c24ad3463c7-LHR
                            content-encoding: br
                          • flag-us
                            GET
                            https://cdn.jotfor.ms/fonts/?family=Circular
                            msedge.exe
                            Remote address:
                            104.22.73.81:443
                            Request
                            GET /fonts/?family=Circular HTTP/2.0
                            host: cdn.jotfor.ms
                            sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
                            dnt: 1
                            sec-ch-ua-mobile: ?0
                            user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                            accept: text/css,*/*;q=0.1
                            sec-fetch-site: cross-site
                            sec-fetch-mode: no-cors
                            sec-fetch-dest: style
                            referer: https://www.jotform.com/
                            accept-encoding: gzip, deflate, br
                            accept-language: en-US,en;q=0.9
                            Response
                            HTTP/2.0 200
                            date: Wed, 02 Oct 2024 20:25:34 GMT
                            content-type: text/css; charset=utf-8
                            vary: Accept-Encoding
                            expires: Thu, 01 Jan 1970 00:00:01 GMT
                            cache-control: max-age=86400
                            access-control-allow-origin: *
                            content-encoding: gzip
                            via: 1.1 google
                            cf-cache-status: HIT
                            age: 18
                            last-modified: Wed, 02 Oct 2024 20:25:16 GMT
                            server: cloudflare
                            cf-ray: 8cc76c24aa534141-LHR
                          • flag-us
                            GET
                            https://cdn.jotfor.ms/js/msal/msal-browser.js
                            msedge.exe
                            Remote address:
                            104.22.73.81:443
                            Request
                            GET /js/msal/msal-browser.js HTTP/2.0
                            host: cdn.jotfor.ms
                            sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
                            dnt: 1
                            sec-ch-ua-mobile: ?0
                            user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                            accept: */*
                            sec-fetch-site: cross-site
                            sec-fetch-mode: no-cors
                            sec-fetch-dest: script
                            referer: https://www.jotform.com/
                            accept-encoding: gzip, deflate, br
                            accept-language: en-US,en;q=0.9
                            Response
                            HTTP/2.0 200
                            date: Wed, 02 Oct 2024 20:25:34 GMT
                            content-type: application/x-javascript
                            last-modified: Tue, 24 Sep 2024 14:59:24 GMT
                            vary: Accept-Encoding
                            etag: W/"66f2d3cc-459c3"
                            expires: Thu, 01 Jan 1970 00:00:01 GMT
                            cache-control: max-age=86400
                            content-encoding: gzip
                            via: 1.1 google
                            cf-cache-status: REVALIDATED
                            server: cloudflare
                            cf-ray: 8cc76c283f954141-LHR
                          • flag-us
                            DNS
                            2.159.190.20.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            2.159.190.20.in-addr.arpa
                            IN PTR
                            Response
                          • flag-us
                            DNS
                            105.129.19.104.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            105.129.19.104.in-addr.arpa
                            IN PTR
                            Response
                          • flag-us
                            DNS
                            66.209.201.84.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            66.209.201.84.in-addr.arpa
                            IN PTR
                            Response
                          • flag-us
                            DNS
                            95.221.229.192.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            95.221.229.192.in-addr.arpa
                            IN PTR
                            Response
                          • flag-us
                            DNS
                            107.7.67.172.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            107.7.67.172.in-addr.arpa
                            IN PTR
                            Response
                          • flag-us
                            DNS
                            81.73.22.104.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            81.73.22.104.in-addr.arpa
                            IN PTR
                            Response
                          • flag-us
                            DNS
                            api.jotform.com
                            msedge.exe
                            Remote address:
                            8.8.8.8:53
                            Request
                            api.jotform.com
                            IN A
                            Response
                            api.jotform.com
                            IN A
                            104.19.128.105
                            api.jotform.com
                            IN A
                            104.19.129.105
                          • flag-us
                            DNS
                            js.jotform.com
                            msedge.exe
                            Remote address:
                            8.8.8.8:53
                            Request
                            js.jotform.com
                            IN A
                            Response
                            js.jotform.com
                            IN A
                            104.19.129.105
                            js.jotform.com
                            IN A
                            104.19.128.105
                          • flag-us
                            DNS
                            connect.facebook.net
                            msedge.exe
                            Remote address:
                            8.8.8.8:53
                            Request
                            connect.facebook.net
                            IN A
                            Response
                            connect.facebook.net
                            IN CNAME
                            scontent.xx.fbcdn.net
                            scontent.xx.fbcdn.net
                            IN A
                            163.70.147.23
                          • flag-us
                            GET
                            https://cdn.jotfor.ms/fonts/circular/fonts/Circular-Bold.woff2
                            msedge.exe
                            Remote address:
                            104.22.73.81:443
                            Request
                            GET /fonts/circular/fonts/Circular-Bold.woff2 HTTP/2.0
                            host: cdn.jotfor.ms
                            sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
                            origin: https://www.jotform.com
                            sec-ch-ua-mobile: ?0
                            user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                            dnt: 1
                            accept: */*
                            sec-fetch-site: cross-site
                            sec-fetch-mode: cors
                            sec-fetch-dest: font
                            referer: https://cdn.jotfor.ms/fonts/?family=Circular
                            accept-encoding: gzip, deflate, br
                            accept-language: en-US,en;q=0.9
                            Response
                            HTTP/2.0 200
                            date: Wed, 02 Oct 2024 20:25:34 GMT
                            content-type: text/html
                            last-modified: Fri, 17 May 2024 07:14:50 GMT
                            vary: Accept-Encoding
                            expires: Thu, 31 Dec 2037 23:55:55 GMT
                            cache-control: public, max-age=315360000
                            access-control-allow-origin: *
                            via: 1.1 google
                            cf-cache-status: HIT
                            age: 79
                            server: cloudflare
                            cf-ray: 8cc76c29489752ab-LHR
                            content-encoding: br
                          • flag-us
                            GET
                            https://cdn.jotfor.ms/fonts/circular/fonts/Circular-Medium.woff2
                            msedge.exe
                            Remote address:
                            104.22.73.81:443
                            Request
                            GET /fonts/circular/fonts/Circular-Medium.woff2 HTTP/2.0
                            host: cdn.jotfor.ms
                            sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
                            origin: https://www.jotform.com
                            sec-ch-ua-mobile: ?0
                            user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                            dnt: 1
                            accept: */*
                            sec-fetch-site: cross-site
                            sec-fetch-mode: cors
                            sec-fetch-dest: font
                            referer: https://cdn.jotfor.ms/fonts/?family=Circular
                            accept-encoding: gzip, deflate, br
                            accept-language: en-US,en;q=0.9
                            Response
                            HTTP/2.0 200
                            date: Wed, 02 Oct 2024 20:25:34 GMT
                            content-type: text/html
                            last-modified: Fri, 17 May 2024 07:14:50 GMT
                            vary: Accept-Encoding
                            expires: Thu, 31 Dec 2037 23:55:55 GMT
                            cache-control: public, max-age=315360000
                            access-control-allow-origin: *
                            via: 1.1 google
                            cf-cache-status: HIT
                            age: 289
                            server: cloudflare
                            cf-ray: 8cc76c29489852ab-LHR
                            content-encoding: br
                          • flag-us
                            GET
                            https://cdn.jotfor.ms/fonts/circular/fonts/Circular-Book.woff2
                            msedge.exe
                            Remote address:
                            104.22.73.81:443
                            Request
                            GET /fonts/circular/fonts/Circular-Book.woff2 HTTP/2.0
                            host: cdn.jotfor.ms
                            sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
                            origin: https://www.jotform.com
                            sec-ch-ua-mobile: ?0
                            user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                            dnt: 1
                            accept: */*
                            sec-fetch-site: cross-site
                            sec-fetch-mode: cors
                            sec-fetch-dest: font
                            referer: https://cdn.jotfor.ms/fonts/?family=Circular
                            accept-encoding: gzip, deflate, br
                            accept-language: en-US,en;q=0.9
                            Response
                            HTTP/2.0 200
                            date: Wed, 02 Oct 2024 20:25:34 GMT
                            content-type: text/html
                            last-modified: Fri, 17 May 2024 07:14:50 GMT
                            vary: Accept-Encoding
                            expires: Thu, 31 Dec 2037 23:55:55 GMT
                            cache-control: public, max-age=315360000
                            access-control-allow-origin: *
                            via: 1.1 google
                            cf-cache-status: HIT
                            age: 38
                            server: cloudflare
                            cf-ray: 8cc76c29489a52ab-LHR
                            content-encoding: br
                          • flag-us
                            DNS
                            accounts.google.com
                            msedge.exe
                            Remote address:
                            8.8.8.8:53
                            Request
                            accounts.google.com
                            IN A
                            Response
                            accounts.google.com
                            IN A
                            142.250.27.84
                          • flag-us
                            DNS
                            appleid.cdn-apple.com
                            msedge.exe
                            Remote address:
                            8.8.8.8:53
                            Request
                            appleid.cdn-apple.com
                            IN A
                            Response
                            appleid.cdn-apple.com
                            IN CNAME
                            appleid.cdn-apple.com.akadns.net
                            appleid.cdn-apple.com.akadns.net
                            IN CNAME
                            appleid.cdn-apple.com.edgekey.net
                            appleid.cdn-apple.com.edgekey.net
                            IN CNAME
                            e2885.e9.akamaiedge.net
                            e2885.e9.akamaiedge.net
                            IN A
                            104.78.170.24
                          • flag-nl
                            GET
                            https://accounts.google.com/gsi/client
                            msedge.exe
                            Remote address:
                            142.250.27.84:443
                            Request
                            GET /gsi/client HTTP/2.0
                            host: accounts.google.com
                            sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
                            dnt: 1
                            sec-ch-ua-mobile: ?0
                            user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                            accept: */*
                            sec-fetch-site: cross-site
                            sec-fetch-mode: no-cors
                            sec-fetch-dest: script
                            referer: https://www.jotform.com/
                            accept-encoding: gzip, deflate, br
                            accept-language: en-US,en;q=0.9
                          • flag-gb
                            GET
                            https://appleid.cdn-apple.com/appleauth/static/jsapi/appleid/1/en_US/appleid.auth.js
                            msedge.exe
                            Remote address:
                            104.78.170.24:443
                            Request
                            GET /appleauth/static/jsapi/appleid/1/en_US/appleid.auth.js HTTP/1.1
                            Host: appleid.cdn-apple.com
                            Connection: keep-alive
                            sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
                            DNT: 1
                            sec-ch-ua-mobile: ?0
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                            Accept: */*
                            Sec-Fetch-Site: cross-site
                            Sec-Fetch-Mode: no-cors
                            Sec-Fetch-Dest: script
                            Referer: https://www.jotform.com/
                            Accept-Encoding: gzip, deflate, br
                            Accept-Language: en-US,en;q=0.9
                            Response
                            HTTP/1.1 200 OK
                            Server: Apple
                            Content-Type: application/javascript;charset=UTF-8
                            Cache-Control: public, max-age=86400,stale-while-revalidate=86400
                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                            Accept-Ranges: bytes
                            ETag: W/"43171-1727810464462"
                            Last-Modified: Tue, 01 Oct 2024 19:21:04 GMT
                            Vary: accept-encoding
                            Content-Encoding: gzip
                            Content-Length: 17356
                            Date: Wed, 02 Oct 2024 20:25:35 GMT
                            Connection: keep-alive
                            Access-Control-Allow-Origin: *
                          • flag-us
                            DNS
                            23.147.70.163.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            23.147.70.163.in-addr.arpa
                            IN PTR
                            Response
                            23.147.70.163.in-addr.arpa
                            IN PTR
                            xx-fbcdn-shv-01-lhr6.fbcdn.net
                          • flag-us
                            DNS
                            24.170.78.104.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            24.170.78.104.in-addr.arpa
                            IN PTR
                            Response
                            24.170.78.104.in-addr.arpa
                            IN PTR
                            a104-78-170-24.deploy.static.akamaitechnologies.com
                          • flag-us
                            DNS
                            84.27.250.142.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            84.27.250.142.in-addr.arpa
                            IN PTR
                            Response
                            84.27.250.142.in-addr.arpa
                            IN PTR
                            ra-in-f84.1e100.net
                          • flag-us
                            DNS
                            241.150.49.20.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            241.150.49.20.in-addr.arpa
                            IN PTR
                            Response
                          • flag-us
                            DNS
                            53.210.109.20.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            53.210.109.20.in-addr.arpa
                            IN PTR
                            Response
                          • flag-us
                            DNS
                            206.23.85.13.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            206.23.85.13.in-addr.arpa
                            IN PTR
                            Response
                          • flag-us
                            DNS
                            172.210.232.199.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            172.210.232.199.in-addr.arpa
                            IN PTR
                            Response
                          • flag-us
                            DNS
                            77.190.18.2.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            77.190.18.2.in-addr.arpa
                            IN PTR
                            Response
                            77.190.18.2.in-addr.arpa
                            IN PTR
                            a2-18-190-77.deploy.static.akamaitechnologies.com
                          • flag-us
                            DNS
                            19.229.111.52.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            19.229.111.52.in-addr.arpa
                            IN PTR
                            Response
                          • 104.19.129.105:443
                            https://www.jotform.com/API/user/credential-rule-set
                            tls, http2
                            msedge.exe
                            3.3kB
                            17.2kB
                            29
                            37

                            HTTP Request

                            GET https://www.jotform.com/assign/242677647337166/RWJibmlGY1JpQWwyVUt0dEZqbVNUQXczN2EzclRCb2gvU2RTM3FGUDJmSEFzaG9YdGR1RW1oMlRZWlZvelVNbzJXT3dMYTZVYitwNHpieHdESDRuTXZhekptVHY3MmVFbEhPdHZRQlYzNjJMZlhXYkhnSGkwVGkyT0dYY1ZiUHE=

                            HTTP Response

                            203

                            HTTP Request

                            GET https://api.jotform.com/formuser/242677647337166/combinedinfo?master=1

                            HTTP Request

                            GET https://www.jotform.com/favicon.ico

                            HTTP Response

                            200

                            HTTP Response

                            200

                            HTTP Request

                            GET https://js.jotform.com/actions.js

                            HTTP Response

                            200

                            HTTP Request

                            GET https://www.jotform.com/API/user/credential-rule-set

                            HTTP Response

                            200
                          • 172.67.7.107:443
                            https://cdn01.jotfor.ms/s/umd/143341b959a/for-login-flow.js
                            tls, http2
                            msedge.exe
                            6.7kB
                            297.3kB
                            123
                            230

                            HTTP Request

                            GET https://cdn01.jotfor.ms/s/umd/143341b959a/for-login-flow.js

                            HTTP Response

                            200
                          • 104.22.73.81:443
                            https://cdn.jotfor.ms/js/msal/msal-browser.js
                            tls, http2
                            msedge.exe
                            3.0kB
                            70.1kB
                            40
                            65

                            HTTP Request

                            GET https://cdn.jotfor.ms/fonts/?family=Circular

                            HTTP Response

                            200

                            HTTP Request

                            GET https://cdn.jotfor.ms/js/msal/msal-browser.js

                            HTTP Response

                            200
                          • 104.22.73.81:443
                            https://cdn.jotfor.ms/fonts/circular/fonts/Circular-Book.woff2
                            tls, http2
                            msedge.exe
                            8.3kB
                            228.0kB
                            154
                            183

                            HTTP Request

                            GET https://cdn.jotfor.ms/fonts/circular/fonts/Circular-Bold.woff2

                            HTTP Request

                            GET https://cdn.jotfor.ms/fonts/circular/fonts/Circular-Medium.woff2

                            HTTP Request

                            GET https://cdn.jotfor.ms/fonts/circular/fonts/Circular-Book.woff2

                            HTTP Response

                            200

                            HTTP Response

                            200

                            HTTP Response

                            200
                          • 163.70.147.23:443
                            connect.facebook.net
                            tls
                            msedge.exe
                            3.4kB
                            94.7kB
                            49
                            83
                          • 142.250.27.84:443
                            https://accounts.google.com/gsi/client
                            tls, http2
                            msedge.exe
                            3.6kB
                            99.4kB
                            55
                            80

                            HTTP Request

                            GET https://accounts.google.com/gsi/client
                          • 104.78.170.24:443
                            https://appleid.cdn-apple.com/appleauth/static/jsapi/appleid/1/en_US/appleid.auth.js
                            tls, http
                            msedge.exe
                            2.1kB
                            25.0kB
                            19
                            28

                            HTTP Request

                            GET https://appleid.cdn-apple.com/appleauth/static/jsapi/appleid/1/en_US/appleid.auth.js

                            HTTP Response

                            200
                          • 8.8.8.8:53
                            8.8.8.8.in-addr.arpa
                            dns
                            66 B
                            90 B
                            1
                            1

                            DNS Request

                            8.8.8.8.in-addr.arpa

                          • 8.8.8.8:53
                            209.205.72.20.in-addr.arpa
                            dns
                            72 B
                            158 B
                            1
                            1

                            DNS Request

                            209.205.72.20.in-addr.arpa

                          • 8.8.8.8:53
                            www.jotform.com
                            dns
                            msedge.exe
                            61 B
                            93 B
                            1
                            1

                            DNS Request

                            www.jotform.com

                            DNS Response

                            104.19.129.105
                            104.19.128.105

                          • 8.8.8.8:53
                            cdn01.jotfor.ms
                            dns
                            msedge.exe
                            61 B
                            109 B
                            1
                            1

                            DNS Request

                            cdn01.jotfor.ms

                            DNS Response

                            172.67.7.107
                            104.22.72.81
                            104.22.73.81

                          • 8.8.8.8:53
                            cdn.jotfor.ms
                            dns
                            msedge.exe
                            59 B
                            107 B
                            1
                            1

                            DNS Request

                            cdn.jotfor.ms

                            DNS Response

                            104.22.73.81
                            104.22.72.81
                            172.67.7.107

                          • 8.8.8.8:53
                            2.159.190.20.in-addr.arpa
                            dns
                            71 B
                            157 B
                            1
                            1

                            DNS Request

                            2.159.190.20.in-addr.arpa

                          • 8.8.8.8:53
                            105.129.19.104.in-addr.arpa
                            dns
                            73 B
                            135 B
                            1
                            1

                            DNS Request

                            105.129.19.104.in-addr.arpa

                          • 8.8.8.8:53
                            66.209.201.84.in-addr.arpa
                            dns
                            72 B
                            132 B
                            1
                            1

                            DNS Request

                            66.209.201.84.in-addr.arpa

                          • 8.8.8.8:53
                            95.221.229.192.in-addr.arpa
                            dns
                            73 B
                            144 B
                            1
                            1

                            DNS Request

                            95.221.229.192.in-addr.arpa

                          • 8.8.8.8:53
                            107.7.67.172.in-addr.arpa
                            dns
                            71 B
                            133 B
                            1
                            1

                            DNS Request

                            107.7.67.172.in-addr.arpa

                          • 8.8.8.8:53
                            81.73.22.104.in-addr.arpa
                            dns
                            71 B
                            133 B
                            1
                            1

                            DNS Request

                            81.73.22.104.in-addr.arpa

                          • 8.8.8.8:53
                            api.jotform.com
                            dns
                            msedge.exe
                            61 B
                            93 B
                            1
                            1

                            DNS Request

                            api.jotform.com

                            DNS Response

                            104.19.128.105
                            104.19.129.105

                          • 8.8.8.8:53
                            js.jotform.com
                            dns
                            msedge.exe
                            60 B
                            92 B
                            1
                            1

                            DNS Request

                            js.jotform.com

                            DNS Response

                            104.19.129.105
                            104.19.128.105

                          • 8.8.8.8:53
                            connect.facebook.net
                            dns
                            msedge.exe
                            66 B
                          Downloads
